tcpdump mailing list archives

Re: Sending captured packets to a virtual nic


From: Guy Harris <guy () alum mit edu>
Date: Sun, 22 Apr 2007 13:23:38 -0700

Quan Doan wrote:
> Hi Aaron,
> Thank you. But the thing is I would like to monitor that traffic from our
> LAN, and I could only capture those packets on my box, then I will transfer
> all packets from my box to my monitoring server.
> With Ethereal I cannot monitor all packets in real-time.

In your original article, you said:

> I had captured a lot of packets from my box, which is a gateway
> of a LAN. Those packets are sent back to me. Now I have those packets, I would
> like to use Ethereal for analyzing them.

which seemed to imply that you had a capture file with packets that you'd already captured. If so, it's too late to do anything in real time - the capture is already done.

If, instead, you mean that you want, in the future, to be able to capture packets, and watch them arrive in real time (i.e., view them at the time that they arrive), then:

> So, shortly, I
> have captured packets, they come in real-time, but I don't know how to
> "replay" those packets to Ethereal.

...transmitting them on a virtual NIC isn't the answer.

As you sent this to tcpdump-workers rather than winpcap-users, I assume you're doing at least some of this on UN*X.

Therefore, you might be able to, from the box running Wireshark (which used to be called "Ethereal" in earlier releases; see

        http://www.wireshark.org/faq.html#q1.2

if you're curious about the story behind the name change), run tcpdump on your box over ssh, and send its output to the machine running Wireshark.

What you'd want to do is, on the machine running Wireshark:

        create a named pipe (e.g., with the "mkfifo" or "mknod" command);

        use ssh to run tcpdump, in that fashion, on your box - run it with "-s 0" ("-s 65535" with really ancient versions of tcpdump - or, if you don't want the full packets, pass the appropriate snapshot length) and "-w -" (so the packets are written to the standard output), and redirect the output of ssh to the named pipe;

        start up Wireshark, and start a capture, capturing from a "device" whose name is the pathname of the named pipe.
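The three steps above as a script. This is an added example for this archive page, not code from the thread or from the tcpdump or Wireshark projects. The host name "gateway", the interface "eth0" and the capture filter "not port 22" are assumptions; the filter matters because the ssh session that carries the capture back is itself traffic on the gateway, and without excluding it the capture feeds on itself. The offline default mode replaces ssh/tcpdump with a constructed 24-byte pcap header and replaces Wireshark with a magic-number check, so the named-pipe plumbing can be run anywhere; "live" mode runs the real pipeline.

```shell
#!/bin/sh
# Added example, not code from the original thread. Streams a remote
# tcpdump capture into Wireshark through a named pipe, as the reply
# describes. Hypothetical names: host "gateway", interface "eth0".

# Command tcpdump runs on the remote box. -s 0 captures full packets
# (current tcpdump; really old versions need -s 65535), -w - writes the
# pcap stream to stdout so ssh carries it back, -U flushes each packet so
# Wireshark sees it as it arrives, -n skips name lookups. The filter
# should exclude the ssh session carrying the capture (assumed port 22).
remote_capture_cmd() {
  iface=$1
  filter=$2
  cmd="tcpdump -i $iface -s 0 -U -n -w -"
  [ -n "$filter" ] && cmd="$cmd $filter"
  printf '%s' "$cmd"
}

# Classify the first four bytes of a capture stream on stdin by its
# magic number: a quick check that what comes out of the fifo is
# something Wireshark will accept (pcap or pcapng).
pcap_magic_kind() {
  magic=$(dd bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
  case "$magic" in
    d4c3b2a1) echo pcap-le ;;
    a1b2c3d4) echo pcap-be ;;
    4d3cb2a1) echo pcap-nsec-le ;;
    a1b23c4d) echo pcap-nsec-be ;;
    0a0d0d0a) echo pcapng ;;
    *)        echo unknown ;;
  esac
}

# Constructed stand-in for "ssh gateway tcpdump ... -w -": a 24-byte
# little-endian pcap global header (version 2.4, snaplen 65535,
# link type 1 = Ethernet) with no packets, so the plumbing runs offline.
fake_tcpdump_stream() {
  printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000'
}

# The named-pipe plumbing from the reply: a producer writes into the
# fifo, a consumer opens the fifo as its "device". Here the producer is
# the constructed stream and the consumer only inspects the magic;
# run_live_capture swaps in ssh/tcpdump and Wireshark.
stream_through_fifo() {
  fifo=${TMPDIR:-/tmp}/tcpdump.$$.fifo
  rm -f "$fifo"
  mkfifo "$fifo" || return 1
  fake_tcpdump_stream > "$fifo" &
  kind=$(pcap_magic_kind < "$fifo")
  wait
  rm -f "$fifo"
  printf '%s\n' "$kind"
}

# The real thing: ssh runs tcpdump on the gateway and writes its pcap
# stream into the fifo; Wireshark captures from the fifo (-i) and starts
# immediately (-k). ssh -n detaches ssh from the terminal's stdin so it
# can sit in the background.
run_live_capture() {
  host=$1
  iface=$2
  filter=$3
  fifo=${TMPDIR:-/tmp}/tcpdump.$$.fifo
  rm -f "$fifo"
  mkfifo "$fifo" || return 1
  ssh -n "$host" "$(remote_capture_cmd "$iface" "$filter")" > "$fifo" &
  ssh_pid=$!
  wireshark -k -i "$fifo"
  kill "$ssh_pid" 2>/dev/null
  rm -f "$fifo"
}

case "${1:-demo}" in
  live) run_live_capture "${2:-gateway}" "${3:-eth0}" "${4:-not port 22}" ;;
  *)    stream_through_fifo ;;
esac
```

Run it with no arguments to see the offline check print "pcap-le"; run it as "sh script.sh live gateway eth0 'not port 22'" to do the real capture. The remote tcpdump needs to run as root (or with capture privileges) on the gateway, so the ssh account must be set up for that; and if the gateway's tcpdump predates -U, drop that flag and accept that packets arrive in chunks rather than one at a time.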